datadog-api-client-java/examples/v2/security-monitoring/ValidateSecurityMonitoringRule_2609327779.java at 808c9f4dd1325c80690ec1aa7a0278f04d05e158 · DataDog/datadog-api-client-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
// Validate a detection rule with detection method 'new_value' with enabled feature
// 'instantaneousBaseline' returns "OK"
// response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseCreate;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleDetectionMethod;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleEvaluationWindow;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleKeepAlive;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleMaxSignalDuration;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleNewValueOptions;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleNewValueOptionsForgetAfter;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleNewValueOptionsLearningDuration;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleNewValueOptionsLearningMethod;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleNewValueOptionsLearningThreshold;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleOptions;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryAggregation;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleSeverity;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleTypeCreate;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleValidatePayload;
import com.datadog.api.client.v2.model.SecurityMonitoringStandardDataSource;
import com.datadog.api.client.v2.model.SecurityMonitoringStandardRulePayload;
import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleQuery;
import java.util.Arrays;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringRuleValidatePayload body =
        new SecurityMonitoringRuleValidatePayload(
            new SecurityMonitoringStandardRulePayload()
                .cases(
                    Collections.singletonList(
                        new SecurityMonitoringRuleCaseCreate()
                            .name("")
                            .status(SecurityMonitoringRuleSeverity.INFO)))
                .hasExtendedTitle(true)
                .isEnabled(true)
                .message("My security monitoring rule")
                .name("My security monitoring rule")
                .options(
                    new SecurityMonitoringRuleOptions()
                        .evaluationWindow(SecurityMonitoringRuleEvaluationWindow.ZERO_MINUTES)
                        .keepAlive(SecurityMonitoringRuleKeepAlive.FIVE_MINUTES)
                        .maxSignalDuration(SecurityMonitoringRuleMaxSignalDuration.TEN_MINUTES)
                        .detectionMethod(SecurityMonitoringRuleDetectionMethod.NEW_VALUE)
                        .newValueOptions(
                            new SecurityMonitoringRuleNewValueOptions()
                                .forgetAfter(
                                    SecurityMonitoringRuleNewValueOptionsForgetAfter.ONE_WEEK)
                                .instantaneousBaseline(true)
                                .learningDuration(
                                    SecurityMonitoringRuleNewValueOptionsLearningDuration.ONE_DAY)
                                .learningThreshold(
                                    SecurityMonitoringRuleNewValueOptionsLearningThreshold
                                        .ZERO_OCCURRENCES)
                                .learningMethod(
                                    SecurityMonitoringRuleNewValueOptionsLearningMethod.DURATION)))
                .queries(
                    Collections.singletonList(
                        new SecurityMonitoringStandardRuleQuery()
                            .query("source:source_here")
                            .groupByFields(Collections.singletonList("@userIdentity.assumed_role"))
                            .metric("name")
                            .metrics(Collections.singletonList("name"))
                            .aggregation(SecurityMonitoringRuleQueryAggregation.NEW_VALUE)
                            .name("")
                            .dataSource(SecurityMonitoringStandardDataSource.LOGS)))
                .tags(Arrays.asList("env:prod", "team:security"))
                .type(SecurityMonitoringRuleTypeCreate.LOG_DETECTION));

    try {
      apiInstance.validateSecurityMonitoringRule(body);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#validateSecurityMonitoringRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}